Closed
Bug 1676172
Opened 2 years ago
Closed 2 years ago
Assertion failure: aState.GetHasRequestedDecode() && !aState.GetIsCurrentlyDecoded(), at /builds/worker/checkouts/gecko/image/FrameAnimator.cpp:369
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
VERIFIED
FIXED
85 Branch
People
(Reporter: jkratzer, Assigned: tnikkel)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:bisected,confirmed])
Attachments
(2 files)
Testcase found while fuzzing mozilla-central rev 39d4fdb9f815 (built with --enable-debug).
#0 0x7fe9299c35a1 in mozilla::image::FrameAnimator::RequestRefresh(mozilla::image::AnimationState&, mozilla::TimeStamp const&) /builds/worker/checkouts/gecko/image/FrameAnimator.cpp:368:5
#1 0x7fe9299e2747 in mozilla::image::RasterImage::RequestRefresh(mozilla::TimeStamp const&) /builds/worker/checkouts/gecko/image/RasterImage.cpp:156:27
#2 0x7fe92c8e2b28 in nsRefreshDriver::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:2334:27
#3 0x7fe92c8ea461 in TickDriver /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:374:13
#4 0x7fe92c8ea461 in mozilla::RefreshDriverTimer::TickRefreshDrivers(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp, nsTArray<RefPtr<nsRefreshDriver> >&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:353:7
#5 0x7fe92c8ea34c in mozilla::RefreshDriverTimer::Tick(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:368:5
#6 0x7fe92c8e98f8 in RunRefreshDrivers /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:829:5
#7 0x7fe92c8e98f8 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::TickRefreshDriver(mozilla::layers::BaseTransactionId<mozilla::VsyncIdType>, mozilla::TimeStamp) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:747:16
#8 0x7fe92c8e9200 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyParentProcessVsync() /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:649:7
#9 0x7fe92c8e8c79 in mozilla::VsyncRefreshDriverTimer::RefreshDriverVsyncObserver::NotifyVsync(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/base/nsRefreshDriver.cpp:570:9
#10 0x7fe92ccac5c7 in mozilla::layout::VsyncChild::RecvNotify(mozilla::VsyncEvent const&) /builds/worker/checkouts/gecko/layout/ipc/VsyncChild.cpp:55:16
#11 0x7fe928f5d435 in mozilla::layout::PVsyncChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PVsyncChild.cpp:187:54
#12 0x7fe928d0ec7d in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6268:32
#13 0x7fe9289ccfce in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2150:25
#14 0x7fe9289c978f in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2074:9
#15 0x7fe9289cab96 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1922:3
#16 0x7fe9289cb7bb in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1953:13
#17 0x7fe9280cc5df in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:450:16
#18 0x7fe9280cac4a in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:720:26
#19 0x7fe9280c9cf4 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:579:15
#20 0x7fe9280c9ea7 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:373:36
#21 0x7fe9280cfe36 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:120:37
#22 0x7fe9280cfe36 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_3>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
#23 0x7fe9280e13b7 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1197:14
#24 0x7fe9280e70fa in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:513:10
#25 0x7fe9289d28b6 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
#26 0x7fe9289447a3 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#27 0x7fe9289446bd in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#28 0x7fe9289446bd in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#29 0x7fe92c639ce8 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
#30 0x7fe92de3fb03 in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:913:20
#31 0x7fe9289d3679 in mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:237:9
#32 0x7fe9289447a3 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
#33 0x7fe9289446bd in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
#34 0x7fe9289446bd in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
#35 0x7fe92de3f6e8 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:744:34
#36 0x56477e53d687 in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:56:28
#37 0x56477e53d687 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:304:18
#38 0x7fe943b5db96 in __libc_start_main /build/glibc-2ORdQG/glibc-2.27/csu/../csu/libc-start.c:310
Flags: in-testsuite?
|
Reporter | |
Comment 1•2 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20201109095222-39d4fdb9f815.
Failed to bisect testcase (Start build crashes!):
Start: d609eb2a8fe2930c6c10dab295eb5106f5ba0bc1 (20191111100226)
End: 7daa0ef24433e58574f3ea0008ad9abb3485f4c6 (20201109035154)
BuildFlags: BuildFlags(asan=False, tsan=False, debug=True, fuzzing=False, coverage=False, valgrind=False)
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
|
Assignee | |
Comment 2•2 years ago
•
|
||
I left this running for a while and it never triggered the assert.
|
|
Assignee | |
Comment 3•2 years ago
|
||
With the fuzzing prefs file from bug 1675404 I can reproduce.
|
||
Updated•2 years ago
|
Has Regression Range: --- → yes
|
|
Assignee | |
Comment 4•2 years ago
|
||
Patches for this in the 3 dependant bugs so I can land them separately.
|
|
Assignee | |
Comment 5•2 years ago
|
||
|
|
Assignee | |
Updated•2 years ago
|
Assignee: nobody → tnikkel
Pushed by tnikkel@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b9aa322c7e11 Add crashtest. r=aosmond
|
||
Comment 7•2 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox85:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 85 Branch
|
||
Updated•2 years ago
|
status-firefox83:
--- → wontfix
status-firefox-esr78:
--- → wontfix
Flags: in-testsuite? → in-testsuite+
Keywords: regression
|
|
Reporter | |
Comment 8•2 years ago
|
||
Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20201118160535-2f08ec7e57c3.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.
|
|
Reporter | |
Comment 9•2 years ago
|
||
Bugmon Analysis:
Verified bug as fixed on rev mozilla-central 20201118160535-2f08ec7e57c3.
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.
You need to log in
before you can comment on or make changes to this bug.
Description
•